/** * polkit_subject_from_string: * @str: A string obtained from polkit_subject_to_string(). * @error: (allow-none): Return location for error or %NULL. * * Creates an object from @str that implements the #PolkitSubject * interface. * * Returns: (transfer full): A #PolkitSubject or %NULL if @error is * set. Free with g_object_unref(). */ PolkitSubject * polkit_subject_from_string (const gchar *str, GError **error) { PolkitSubject *subject; g_return_val_if_fail (str != NULL, NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); /* TODO: we could do something with VFuncs like in g_icon_from_string() */ subject = NULL; if (g_str_has_prefix (str, "unix-process:")) { gint scanned_pid; guint64 scanned_starttime; gint scanned_uid; if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3) { subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid); } else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) { G_GNUC_BEGIN_IGNORE_DEPRECATIONS subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime); G_GNUC_END_IGNORE_DEPRECATIONS }
/** * nm_polkit_listener_new: * @for_session: %TRUE for registering the polkit agent for the user session, * %FALSE for registering it for the running process * @error: location to store error, or %NULL * * Creates a new #NMPolkitListener and registers it as a polkit agent. * * Returns: a new #NMPolkitListener */ PolkitAgentListener * nm_polkit_listener_new (gboolean for_session, GError **error) { PolkitAgentListener *listener; PolkitSubject* session; NMPolkitListenerPrivate *priv; g_return_val_if_fail (error == NULL || *error == NULL, NULL); listener = g_object_new (NM_TYPE_POLKIT_LISTENER, NULL); priv = NM_POLKIT_LISTENER_GET_PRIVATE (listener); if (for_session) { session = polkit_unix_session_new_for_process_sync (getpid (), NULL, error); if (!session) return NULL; } else session = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); priv->reg_handle = polkit_agent_listener_register (listener, POLKIT_AGENT_REGISTER_FLAGS_NONE, session, NULL, NULL, error); if (!priv->reg_handle) { g_object_unref (listener); g_object_unref (session); return NULL; } return listener; }
PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id) { glib_init(); PolkitSubject *subject = polkit_unix_process_new_for_owner(pid, /*use start_time from /proc*/0, /*use uid from /proc*/ -1); return do_check(subject, action_id); }
int main(void) { pid_t parent_pid; GInputStream *stdin_unix_stream; /* Nuke the environment to get a well-known and sanitized * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS * environment variable and similar. */ if (clearenv () != 0) { FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno)); return 1; } #if !GLIB_CHECK_VERSION(2,36,0) g_type_init(); #endif loop = g_main_loop_new(NULL, FALSE); authority = polkit_authority_get_sync(NULL, NULL); parent_pid = getppid (); if (parent_pid == 1) { FATAL_ERROR("Parent process was reaped by init(1)\n"); return 1; } /* Do what pkexec does */ subject = polkit_unix_process_new_for_owner(parent_pid, 0, getuid ()); stdin_unix_stream = g_unix_input_stream_new(STDIN_FILENO, 0); stdin_stream = g_data_input_stream_new(stdin_unix_stream); g_data_input_stream_set_newline_type(stdin_stream, G_DATA_STREAM_NEWLINE_TYPE_LF); g_clear_object(&stdin_unix_stream); g_data_input_stream_read_line_async(stdin_stream, G_PRIORITY_DEFAULT, NULL, stdin_read_complete, NULL); g_main_loop_run(loop); if (polkit_cancellable) g_clear_object(&polkit_cancellable); g_object_unref(stdin_stream); g_object_unref(authority); g_object_unref(subject); g_main_loop_unref(loop); return exit_status; }
/** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * * Synchronously gets a #PolkitUnixProcess object for @system_bus_name * - the calling thread is blocked until a reply is received. * * Returns: (allow-none) (transfer full): A #PolkitUnixProcess object or %NULL if @error is set. **/ PolkitSubject * polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { PolkitSubject *ret = NULL; guint32 pid; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, cancellable, error)) goto out; ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: return ret; }